Security Issues with MS Windows


* Introduction
* The Problem
* Why is this Misleading?
* So How is security breached?
* Can Things get shoddier?
* Other Resources
* Analysis and comparison with NSA guidelines
* World Class Authority
* Conclusions
* Further links for Reference


The Problem:

The discovery of a backdoor key to Windows may be some of the most "devastating news" for millions of Windows users. It is the first time in the history of computer security that such a gigantic breach of trust has transpired.

On the surface this issue was made to appear as an uproar that cannot really be verified, but far too much information has been uncovered, raising serious doubts about the security of any Windows-based computer system - Windows95, Windows98, Windows2000 or WindowsNT.

Whether the shifting and loss of various online resources at Microsoft's websites has been a coincidence, or part of a vain attempt to control the information about this serious problem, cannot be said by anyone not in direct control of those websites.

It all began when remarkable exhibits in the Windows standard drivers used for security and encryption struck a chord in the minds of experts. Things took shape further when, at Crypto 98, Nicko van Someren, a British cryptography specialist, found that Windows drivers, when disassembled, contained two keys. Further, Andrew Fernandes, a leading scientist for the security software company Cryptonym, a Canadian software firm, openly claimed that the NSA (National Security Agency) may have a key that could access the core security of the Windows operating systems. Andrew Fernandes also verified the recently released NT Server Service Pack 5 and found two keys named "_KEY" and "_NSAKEY". At Crypto'99 he spoke of the secrets behind the two keys.

While the Microsoft developers did not deny the presence of the "_NSAKEY", they also did not satisfactorily explain the purpose and anonymity of the key. They denied that it belongs to the NSA, but gave excuses for the presence of this failover key that are difficult to believe.

Andrew Fernandes also asserted that the outcome of the secret key inside the Windows operating system could mean "that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". <URL: http://www.cryptonym.com> The facilities protected by that key include most of the cryptographic security of the system.

Microsoft's explanation for this other key is that it was a backup key meant for authentication of encrypted components in the event of failure of the first key. (This much is quite true.) Culp from Microsoft claims that "_NSAKEY" was used colloquially and is not shared with any outside party, including the NSA. What he failed to explain is that this additional failover key can be used, or even replaced with another key, without any security notification of compromise on the system. Once it is used or replaced, the entire hierarchy falls like a tower of blocks. ActiveX may actually be signed by someone other than the one claimed; Java applets, similarly. System libraries, sessions with otherwise secure Internet servers, Virtual Private Networking - just about anything that has to do with security and is verified through the CryptoAPI can no longer be trusted.

While the discussions go on -- the issue takes a different turn.

It is immaterial if Microsoft or the NSA or any other person has the actual second key!!!

Does it matter who has the second key as long as we know that there is a second key? And it would matter less if there were a few dozen more keys, since if the water leaks from the barrel through this one hole, security is being compromised, and the number of holes would just add proportionally to the risk.

Microsoft openly states that the second key is a "backup key". This is misleading, considering that millions of customers (using Windows 95/98 and Windows NT) are now vulnerable to brute force attacks against at least two keys, and worse, the second (and other) keys can be replaced or used without the user's knowledge or even detection.
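
The failure mode described above, modelled as an added example (not code from the original page, from Cryptonym or from Microsoft): a verifier that accepts a signature under either of two embedded keys, plus a pinned fingerprint of the key set that makes a swapped second key visible. The toy RSA keys, the function names and the module bytes are constructed assumptions; the real CryptoAPI check is not reproduced here.

```python
import hashlib

E = 65537  # public exponent shared by all constructed toy keys

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(anchors, msg, sig):
    """Primary-or-backup check: accept if ANY embedded modulus validates sig."""
    return any(sig < n and pow(sig, E, n) == digest(msg, n) for n in anchors)

def anchor_fingerprint(anchors):
    """SHA-256 over the ordered key set; record it at install, compare on audit."""
    return hashlib.sha256(b"|".join(str(n).encode() for n in anchors)).hexdigest()

PRIMARY, BACKUP, OTHER = make_key(89, 107), make_key(61, 127), make_key(31, 521)
MODULE = b"constructed security module image"

def demo():
    anchors = [PRIMARY["n"], BACKUP["n"]]
    pinned = anchor_fingerprint(anchors)          # known-good baseline
    out = {
        "primary_ok": verify(anchors, MODULE, sign(PRIMARY, MODULE)),
        "backup_ok": verify(anchors, MODULE, sign(BACKUP, MODULE)),
        "other_before": verify(anchors, MODULE, sign(OTHER, MODULE)),
    }
    anchors[1] = OTHER["n"]                       # second slot no longer the vendor's
    # Primary-signed modules still load, so the verifier itself shows no symptom...
    out["primary_after"] = verify(anchors, MODULE, sign(PRIMARY, MODULE))
    out["other_after"] = verify(anchors, MODULE, sign(OTHER, MODULE))
    # ...only the comparison against the pinned fingerprint exposes the change.
    out["pin_matches"] = anchor_fingerprint(anchors) == pinned
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```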




Copyright 1999 Dr. Raj Mehta. All rights reserved.